Legal

Privacy Policy

Last updated: July 2026

Draft to be legally reviewed before the service is offered for sale.

1Data controller

The controller of your personal data is [Legal entity] — [address] — VAT [•]. You can contact us about any privacy matter at privacy@roadly.it.

The controller's full identifying details will be added before the Service is offered for sale.

2Data we collect

  • Account data: email, name and user identifier, managed by our authentication system. We do not store passwords (sign-in via magic link only).
  • Usage data: technical information about your use of the Service, such as pages viewed, service selected, device and browser type, and technical logs needed for operation and security.
  • History and favorites: the items you mark as favorites and your playback history, kept to give you synchronisation across sessions (Neon database).
  • Payment data: once the paid subscription is live, it will be handled through Stripe. Roadly does not store full card details: it receives from Stripe only the information needed to manage the subscription (status, amount, last digits of the card).

We do not collect, transmit or store the third-party content you play: the IPTV lists and source credentials you connect are processed only to give you access to your own content.

3Legal bases (GDPR)

  • Performance of the contract (Art. 6.1.b GDPR): account creation, delivery of the Service, subscription and payment management.
  • Legitimate interest (Art. 6.1.f GDPR): security of the Service, abuse prevention, technical improvement.
  • Consent (Art. 6.1.a GDPR): any non-strictly-necessary cookies or analytics tools, where enabled.
  • Legal obligations (Art. 6.1.c GDPR): tax and accounting obligations relating to payments.

4Sub-processors

To deliver the Service we rely on third-party providers who process data on our behalf:

  • Neon — database and storage of account data (email, name, history, favorites).
  • Brevo — delivery of sign-in emails (magic link).
  • Oracle Cloud — application hosting and streaming.
  • PayPal — payment processing.

Some of these providers may process data outside the European Union. In such cases transfers are made in compliance with the GDPR, on the basis of Standard Contractual Clauses (SCC) approved by the European Commission or other appropriate safeguards.

5Data retention

We keep data for as long as necessary to provide the Service and to comply with legal obligations. Account and usage data are kept for the duration of the subscription and deleted or anonymised within a reasonable time after the account is closed, save for retention obligations (for example accounting and tax).

6Your rights and contact

You have the right to access your data, request its rectification or erasure, restriction of or objection to processing, and data portability. You may also withdraw consent at any time and lodge a complaint with the data protection supervisory authority.

To exercise your rights, write to us at privacy@roadly.it. We will respond within the time limits set by law.

7Cookies

We use cookies and similar technologies that are strictly necessary for the Service to work (for example for authentication and to keep your session). These technical cookies do not require consent.

Should we introduce analytics or measurement tools that are not strictly necessary, we will enable them only with your prior consent through a dedicated banner, in line with applicable law.

8Minors

The Service is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with data, contact us and we will delete it.

9Changes to this policy

We may update this policy. In case of material changes we will notify you. Please review this page from time to time to stay informed about how we process your data.